WO2016190910A2 - Block cipher - Google Patents

Block cipher Download PDF

Info

Publication number
WO2016190910A2
WO2016190910A2 PCT/US2016/014497 US2016014497W WO2016190910A2 WO 2016190910 A2 WO2016190910 A2 WO 2016190910A2 US 2016014497 W US2016014497 W US 2016014497W WO 2016190910 A2 WO2016190910 A2 WO 2016190910A2
Authority
WO
WIPO (PCT)
Prior art keywords
biometric
cipher
tables
data
encryption
Prior art date
Application number
PCT/US2016/014497
Other languages
French (fr)
Other versions
WO2016190910A3 (en
Inventor
Anupam VERMA
Original Assignee
Hewlett Packard Enterprise Development Lp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Enterprise Development Lp filed Critical Hewlett Packard Enterprise Development Lp
Publication of WO2016190910A2 publication Critical patent/WO2016190910A2/en
Publication of WO2016190910A3 publication Critical patent/WO2016190910A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • Biock ciphers are a form of cryptography used to encrypt and decrypt data based on a symmetric key.
  • the symmetric key specifies an unvarying transformation to appiy to groups of bits (i.e., biocks) of the data having a fixed length.
  • B!ock ciphers perform multiple rounds of operations, such as substitutions and permutations, on each biock to introduce confusion and diffusion into the encrypted data.
  • the substitution operations are implemented using tables such as substitution boxes (s-boxes).
  • substitution boxes s-boxes.
  • the 64-bit Data Encryption Standard (DES) block cipher uses eight s-boxes to encrypt and decrypt data and the 128-bit DES block cipher uses 16 s-boxes to encrypt and decrypt data.
  • DES Data Encryption Standard
  • Figure 1 is a biock diagram illustrating one example of a system for encrypting and decrypting data.
  • Figure 2 is a biock diagram illustrating another exampie of a system for encrypting and decrypting data.
  • Figure 3 is a biock diagram ii!ustrating one examp!e of a processing system for encrypting and decrypting data.
  • Figure 4 is a flow diagram illustrating one example of a method for encrypting and decrypting data. Detailed Description
  • Block ciphers such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES) use a static set of tables (e.g., s-boxes) and a key (e.g., symmetric key) for encrypting and decrypting data.
  • DES Data Encryption Standard
  • AES Advanced Encryption Standard
  • a static set of tables e.g., s-boxes
  • a key e.g., symmetric key
  • the subset of tabies to be used by the block cipher is selected based on a sensed biometnc characteristic of a user. Thus, since the sensed biometric characteristic should vary for each user, the subset of tabies selected to be used by the block cipher should also vary for each user.
  • Figure i is a biock diagram illustrating one example of a system 100 for encrypting and decrypting data inciudtng selecting tables used by the encryption and decryption based on a sensed biometric characteristic.
  • System 100 includes a biometric sensor 102 and an encryption/decryption device 106.
  • Biometric sensor 102 is communicatively coupled to encryption/decryption device 106 through a communication path 104.
  • Encryption/decryption device 106 includes cipher tabies 108 and cipher logic 112.
  • Cipher fables 108 are communicatively coupled to cipher logic 112 through a communication path 110.
  • Biometric sensor 102 includes a physiological or behavioral sensor for sensing a biometric characteristic of a user to provide a biometric vaiue that uniquely identifies the user.
  • a physiological biometric sensor may sense a fingerprint, a palm print, palm veins, hand geometry, a face, an iris, a retina, DMA, or other suitable physioiogicaf characteristic of a user that uniquely identifies the user.
  • a behavioral sensor may sense a voice, a typing rhythm, a gait, or other suitable behavioral characteristic of a user that uniquely identifies the user.
  • biometric sensor 102 After sensing a biometric characteristic of a user, biometric sensor 102 provides a biometric vaiue representative of the biometric characteristic to encryption/decryption device 106 through communication link 104. in one example, biometric sensor 102 encrypts the biometric value prior to providing the biometric vaiue to encryption/decryption device 106.
  • Encryption/decryption device 106 receives the biometric value from biometric sensor 102, input data on communication path 114, and a key (e.g., symmetric key) on communication path 116 to provide output data on communication path 118.
  • Cipher tabies 108 include a plurality of tabies (e.g., s- boxes) used by cipher logic 112 to encrypt or decrypt the input data to provide the output data.
  • Cipher iogic 112 may implement any suitable block cipher, such as DES or AES. The number of cipher tabies used by cipher iogic 1 12 depends on the block cipher used.
  • the number of cipher tables 108 is greater than the number of cipher tables used by cipher iogic 1 12 to perform the encryption or decryption.
  • the biometric value is used to select a subset of cipher tables 108 to be used by cipher logic 112.
  • cipher tabies 108 include 100 to 1000 tables or more, which are avaiiabSe for possible selection based on the biometric va!ue.
  • cipher tabies 108 include at least 10 times the number of tables used by cipher logic 112 such that the cipher iogic uses iess than 10% of the available fables, in any case, the greater the number of cipher tables 108 available for selection based on the biometric vaiue, the more secure the encryption process wilt be. Any suitabie method may be used to select the tables used by cipher logic 112 based on the biometric vaiue.
  • each table may be selected based on a different portion of the biometric vaiue. For a 50 digit decimal text biometric value, for example, every five digits may be used to select a table either directiy or by using a key-vaiue map for a total selection of 10 tables.
  • system 100 may begin by having a user authenticate themselves by using a password, pattern lock, or other suitabie method. The user may then be prompted to have a biometric characteristic sensed by biometric sensor 102.
  • Biometric sensor 102 senses the biometric characteristic and provides a biometric vaiue representative of the biometric characteristic in a suitabie format, such as a text value or numeric vaiue.
  • the biometric vaiue is used by encryption/decryption device 106 to select a subset of tabies from cipher tabies 108 to be used by cipher Iogic 112.
  • Cipher Iogic 112 then uses the selected subset of tables to encrypt or decrypt the input data based on the key to provide the output data, in response to receiving unencrypted input data, cipher logic 112 encrypts the input data to provide encrypted output data. In response to receiving encrypted input data, cipher logic 112 decrypts the input data to provide decrypted output data. Cipher logic 112 performs operations using the selected fables in a first order for encryption and in a reverse order for decryption.
  • Figure 2 is a biock diagram illustrating another example of a system 200 for encrypting and decrypting data inciuding selecting tabies and a key used by the encryption and decryption based on a sensed biometnc characteristic.
  • System 200 is similar to system 100 previously described and i!iustrated with reference to Figure 1 , except that in system 200, encryption/decryption device 206 includes key tables.
  • Biometric sensor 102 is communicatively coupled to
  • Encryption/decryption device 206 includes cipher tabies 208 and cipher logic 212 similar to cipher tables 108 and cipher logic 112, respectively, as previously described and illustrated with reference to Figure 1.
  • Cipher tables 210 are communicatively coupled to cipher logic 212 through a communication path 210.
  • encryption/decryption device 208 includes key tables 216.
  • Key tables 216 are communicatively coupled to cipher logic 212 through a communication path 214.
  • Key tables 216 include a plurality of keys (e.g., symmetric keys) used by cipher logic 212 to encrypt or decrypt the input data to provide the output data.
  • the biometric vaiue is also used to select the key used by cipher logic 212.
  • key tabies 216 include 1 ,000,000 to 100,000,000 keys or more for possible selection based on the biometric value. In any case, the greater the number of keys avaiiab!e for selection based on the biometric value, the more secure the encryption process wilt be.
  • any suitable method may be used to select the key used by cipher logic 212 based on the biometric value.
  • the key may be selected based on the entire biometric value or a portion of the biometric vaiue either directly or by using a key-value map.
  • system 200 may begin by having a user authenticate themselves by using a password, pattern lock, or other suitable method. The user may then be prompted to have a biometric characteristic sensed by biometric sensor 102.
  • Biometric sensor 102 senses the biometric characteristic and provides a biometric value representative of the biometric characteristic in a suitable format, such as a text vaiue or numeric value.
  • the biometric vaiue is used by encryption/decryption device 206 to select a subset of tables from cipher tables 208 to be used by cipher logic 212.
  • the biometric va!ue is also used by encryption/decryption device 206 to select a key from key tables 218 to be used by cipher logic 212.
  • Cipher logic 212 then uses the selected subset of tables and the selected key to encrypt or decrypt the input data to provide the output data, !n response to receiving unencrypted input data, cipher logic 212 encrypts the input data to provide encrypted output data, in response to receiving encrypted input data, cipher logic 212 decrypts the input data to provide decrypted output data. Cipher logic 212 performs operations using the selected tables in a first order for encryption and in a reverse order for decryption.
  • FIG. 3 is a biock diagram i!lusfrating one example of a processing system 300 for encrypting and decrypting data based on a sensed biometric characteristic
  • processing system 300 is used to implement system 100 or 200 prevtously described and illustrated with reference to Figures 1 and 2, respectively.
  • Processing system 300 includes a processor 302, a memory 308, input devices 312, and output devices 318.
  • Processor 302, memory 306, input devices 312, and output devices 316 are communicatively coupled to each other through a communication path 304 (e.g. , a bus).
  • a communication path 304 e.g. , a bus
  • Processor 302 includes a Central Processing Unit (CPU) or another suitable processor, in one example, memory 306 stores machine readable instructions executed by processor 306 for operating processing system 300.
  • Memory 308 includes any suitabie combination of volatile and/or non-voiatife memory, such as combinations of Random Access Memory (RAM), Read-Oniy Memory (ROM), flash memory, and/or other suitable memory.
  • Memory 308 stores cipher tables 308 for use by processing system 300.
  • processing system 300 generates cipher tabies 308.
  • Cipher tables 308 include a plurality of fables 1 to N, where "N" is any suitabie number of tabies. The size and format of each table is dependent on the block cipher to be used, !n one example, memory 306 also stores key tabies (not shown) for use by processing system 300.
  • Memory 306 also stores instructions to be executed by processor 302 tnciuding instructions for encryption/decryption logic 310.
  • Processor 302 executes instructions of encryption/decryption logic 310 to perform the encryption and decryption of input data to provide output data as previously described with reference to Figures 1 and 2.
  • input devices 312 inciude a biometric sensor 314, keyboard, mouse, data ports, and/or other suitable devices for inputting information into processing system 300.
  • biometric sensor 314 is used to sense a biometric characteristic of a user for seiecting tables and/or a key for use by
  • Input devices 312 may aiso be used to receive the input data to be encrypted or decrypted and the key to be used to encrypt or decrypt the data.
  • Output devices 316 include a monitor, speakers, data ports, and/or other suitabie devices for outputting information from processing system 300. In one exampie, output devices 316 are used to provide the output data that has been encrypted or decrypted. In other examples, the input data and/or output data may be stored in memory 306.
  • FIG. 4 is a flow diagram illustrating one exampie of a method 400 for encrypting and decrypting data based on a sensed biometric characteristic.
  • data to be encrypted or decrypted is received.
  • a biometric value of an individual is sensed.
  • a first number of tabies are selected from a second number of tabies for a block cipher based on the biometric value, where the first number is less than the second number, in one exampie, each of the first number of tabies is selected based on a different portion of the biometric value, in another exampie, each of the second number of tables is generated for each encryption and decryption in response to each request for encryption or decryption of input data prior to the first number of tables being selected.
  • the biometric vaiue may aiso be used to select the key to be used for the encryption or decryption.
  • the received data is encrypted via the biock cipher using the selected first number of tables in response to receiving unencrypted data or the received data is decrypted via the block cipher using the selected first number of tables in response to receiving encrypted data, in one exampie, the individual is authenticated prior to receiving the data to be encrypted or decrypted.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

One example includes a biometnc sensor and an encryption/decryption device. The biometric sensor is to sense a biometric characteristic of an individual to provide a vaiue that uniquely identifies the individual. The encryption/decryption device encrypts or decrypts data via a block cipher in which tables used by the block cipher to encrypt or decrypt the data are selected based on the value that uniquely identifies the individual.

Description

BLOCK CIPHER
Background
[ββθί] Biock ciphers are a form of cryptography used to encrypt and decrypt data based on a symmetric key. The symmetric key specifies an unvarying transformation to appiy to groups of bits (i.e., biocks) of the data having a fixed length. B!ock ciphers perform multiple rounds of operations, such as substitutions and permutations, on each biock to introduce confusion and diffusion into the encrypted data. The substitution operations are implemented using tables such as substitution boxes (s-boxes). For example, the 64-bit Data Encryption Standard (DES) block cipher uses eight s-boxes to encrypt and decrypt data and the 128-bit DES block cipher uses 16 s-boxes to encrypt and decrypt data.
Brief Description of the Drawings
[0002] Figure 1 is a biock diagram illustrating one example of a system for encrypting and decrypting data.
[0003] Figure 2 is a biock diagram illustrating another exampie of a system for encrypting and decrypting data.
[0004] Figure 3 is a biock diagram ii!ustrating one examp!e of a processing system for encrypting and decrypting data.
[0005] Figure 4 is a flow diagram illustrating one example of a method for encrypting and decrypting data. Detailed Description
[0006] in the following detailed description, reference is made to the
accompanying drawings which form a part hereof, and in which is shown by way of illustration specific examples in which the disclosure may be practiced, it is to be understood that other examples may be utilized and structural or logical changes may be made without departing from the scope of the present disclosure. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims, it is to be understood that features of the various examples described herein may be combined, in part or whole, with each other, unless specifically noted otherwise.
|0007] Block ciphers such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES) use a static set of tables (e.g., s-boxes) and a key (e.g., symmetric key) for encrypting and decrypting data. Although attacking the block ciphers to break the encryption is extremely difficult, if the tables on which the various steps of a block cipher depend are compromised in some way, the block cipher falters. Accordingly, this disclosure describes examples of encryption and decryption in which a subset of tables is selected to be used by the block cipher from a iarger set of tables. The subset of tabies to be used by the block cipher is selected based on a sensed biometnc characteristic of a user. Thus, since the sensed biometric characteristic should vary for each user, the subset of tabies selected to be used by the block cipher should also vary for each user.
[0008] in this way, an extra iayer of security is added to the block ciphers making attacking and breaking the block ciphers much more difficult. Data that is encrypted using tables selected based on a sensed biometric characteristic of a user cannot be decrypted unless the same tabies selected for encryption are also selected for decryption by sensing the same biometric characteristic.
Therefore, if another person other than the user who encrypted the data tries to decrypt the data, the decryption wiii fait, even if the other person has the proper key, since the correct tables wiii not be selected. Further, even if the larger set of tabies of the block cipher is compromised in some way, an attacker wou!d stii! not have any way to determine the subset of tables selected for a particular encryption.
[0009] Figure i is a biock diagram illustrating one example of a system 100 for encrypting and decrypting data inciudtng selecting tables used by the encryption and decryption based on a sensed biometric characteristic. System 100 includes a biometric sensor 102 and an encryption/decryption device 106.
Biometric sensor 102 is communicatively coupled to encryption/decryption device 106 through a communication path 104. Encryption/decryption device 106 includes cipher tabies 108 and cipher logic 112. Cipher fables 108 are communicatively coupled to cipher logic 112 through a communication path 110.
[0010] Biometric sensor 102 includes a physiological or behavioral sensor for sensing a biometric characteristic of a user to provide a biometric vaiue that uniquely identifies the user. For example, a physiological biometric sensor may sense a fingerprint, a palm print, palm veins, hand geometry, a face, an iris, a retina, DMA, or other suitable physioiogicaf characteristic of a user that uniquely identifies the user. A behavioral sensor may sense a voice, a typing rhythm, a gait, or other suitable behavioral characteristic of a user that uniquely identifies the user. After sensing a biometric characteristic of a user, biometric sensor 102 provides a biometric vaiue representative of the biometric characteristic to encryption/decryption device 106 through communication link 104. in one example, biometric sensor 102 encrypts the biometric value prior to providing the biometric vaiue to encryption/decryption device 106.
[0011] Encryption/decryption device 106 receives the biometric value from biometric sensor 102, input data on communication path 114, and a key (e.g., symmetric key) on communication path 116 to provide output data on communication path 118. Cipher tabies 108 include a plurality of tabies (e.g., s- boxes) used by cipher logic 112 to encrypt or decrypt the input data to provide the output data. Cipher iogic 112 may implement any suitable block cipher, such as DES or AES. The number of cipher tabies used by cipher iogic 1 12 depends on the block cipher used. The number of cipher tables 108 is greater than the number of cipher tables used by cipher iogic 1 12 to perform the encryption or decryption. The biometric value is used to select a subset of cipher tables 108 to be used by cipher logic 112.
[0012] in one example, cipher tabies 108 include 100 to 1000 tables or more, which are avaiiabSe for possible selection based on the biometric va!ue. In another example, cipher tabies 108 include at least 10 times the number of tables used by cipher logic 112 such that the cipher iogic uses iess than 10% of the available fables, in any case, the greater the number of cipher tables 108 available for selection based on the biometric vaiue, the more secure the encryption process wilt be. Any suitabie method may be used to select the tables used by cipher logic 112 based on the biometric vaiue. For example, each table may be selected based on a different portion of the biometric vaiue. For a 50 digit decimal text biometric value, for example, every five digits may be used to select a table either directiy or by using a key-vaiue map for a total selection of 10 tables.
[0013] In operation, system 100 may begin by having a user authenticate themselves by using a password, pattern lock, or other suitabie method. The user may then be prompted to have a biometric characteristic sensed by biometric sensor 102. Biometric sensor 102 senses the biometric characteristic and provides a biometric vaiue representative of the biometric characteristic in a suitabie format, such as a text value or numeric vaiue. The biometric vaiue is used by encryption/decryption device 106 to select a subset of tabies from cipher tabies 108 to be used by cipher Iogic 112. Cipher Iogic 112 then uses the selected subset of tables to encrypt or decrypt the input data based on the key to provide the output data, in response to receiving unencrypted input data, cipher logic 112 encrypts the input data to provide encrypted output data. In response to receiving encrypted input data, cipher logic 112 decrypts the input data to provide decrypted output data. Cipher logic 112 performs operations using the selected fables in a first order for encryption and in a reverse order for decryption.
[0014] Figure 2 is a biock diagram illustrating another example of a system 200 for encrypting and decrypting data inciuding selecting tabies and a key used by the encryption and decryption based on a sensed biometnc characteristic.
System 200 is similar to system 100 previously described and i!iustrated with reference to Figure 1 , except that in system 200, encryption/decryption device 206 includes key tables.
[0015] Biometric sensor 102 is communicatively coupled to
encryption/decryption device 206 through a communication path 104.
Encryption/decryption device 206 includes cipher tabies 208 and cipher logic 212 similar to cipher tables 108 and cipher logic 112, respectively, as previously described and illustrated with reference to Figure 1. Cipher tables 210 are communicatively coupled to cipher logic 212 through a communication path 210. In addition, encryption/decryption device 208 includes key tables 216. Key tables 216 are communicatively coupled to cipher logic 212 through a communication path 214.
[0016] Key tables 216 include a plurality of keys (e.g., symmetric keys) used by cipher logic 212 to encrypt or decrypt the input data to provide the output data. In addition to the biometric value being used to select a subset of cipher tabies 208 to be used by cipher logic 212, the biometric vaiue is also used to select the key used by cipher logic 212. in one example, key tabies 216 include 1 ,000,000 to 100,000,000 keys or more for possible selection based on the biometric value. In any case, the greater the number of keys avaiiab!e for selection based on the biometric value, the more secure the encryption process wilt be. Any suitable method may be used to select the key used by cipher logic 212 based on the biometric value. For example, the key may be selected based on the entire biometric value or a portion of the biometric vaiue either directly or by using a key-value map.
[0017] In operation, system 200 may begin by having a user authenticate themselves by using a password, pattern lock, or other suitable method. The user may then be prompted to have a biometric characteristic sensed by biometric sensor 102. Biometric sensor 102 senses the biometric characteristic and provides a biometric value representative of the biometric characteristic in a suitable format, such as a text vaiue or numeric value. The biometric vaiue is used by encryption/decryption device 206 to select a subset of tables from cipher tables 208 to be used by cipher logic 212. The biometric va!ue is also used by encryption/decryption device 206 to select a key from key tables 218 to be used by cipher logic 212. Cipher logic 212 then uses the selected subset of tables and the selected key to encrypt or decrypt the input data to provide the output data, !n response to receiving unencrypted input data, cipher logic 212 encrypts the input data to provide encrypted output data, in response to receiving encrypted input data, cipher logic 212 decrypts the input data to provide decrypted output data. Cipher logic 212 performs operations using the selected tables in a first order for encryption and in a reverse order for decryption.
[OOiS] Figure 3 is a biock diagram i!lusfrating one example of a processing system 300 for encrypting and decrypting data based on a sensed biometric characteristic, in one example, processing system 300 is used to implement system 100 or 200 prevtously described and illustrated with reference to Figures 1 and 2, respectively. Processing system 300 includes a processor 302, a memory 308, input devices 312, and output devices 318. Processor 302, memory 306, input devices 312, and output devices 316 are communicatively coupled to each other through a communication path 304 (e.g. , a bus).
[0019] Processor 302 includes a Central Processing Unit (CPU) or another suitable processor, in one example, memory 306 stores machine readable instructions executed by processor 306 for operating processing system 300. Memory 308 includes any suitabie combination of volatile and/or non-voiatife memory, such as combinations of Random Access Memory (RAM), Read-Oniy Memory (ROM), flash memory, and/or other suitable memory.
[0020] Memory 308 stores cipher tables 308 for use by processing system 300. in one example, processing system 300 generates cipher tabies 308. Cipher tables 308 include a plurality of fables 1 to N, where "N" is any suitabie number of tabies. The size and format of each table is dependent on the block cipher to be used, !n one example, memory 306 also stores key tabies (not shown) for use by processing system 300. Memory 306 also stores instructions to be executed by processor 302 tnciuding instructions for encryption/decryption logic 310. Processor 302 executes instructions of encryption/decryption logic 310 to perform the encryption and decryption of input data to provide output data as previously described with reference to Figures 1 and 2.
[0021] input devices 312 inciude a biometric sensor 314, keyboard, mouse, data ports, and/or other suitable devices for inputting information into processing system 300. in one example, biometric sensor 314 is used to sense a biometric characteristic of a user for seiecting tables and/or a key for use by
encryption/decryption logic 310. Input devices 312 may aiso be used to receive the input data to be encrypted or decrypted and the key to be used to encrypt or decrypt the data. Output devices 316 include a monitor, speakers, data ports, and/or other suitabie devices for outputting information from processing system 300. In one exampie, output devices 316 are used to provide the output data that has been encrypted or decrypted. In other examples, the input data and/or output data may be stored in memory 306.
[0022] Figure 4 is a flow diagram illustrating one exampie of a method 400 for encrypting and decrypting data based on a sensed biometric characteristic. At 402, data to be encrypted or decrypted is received. At 404, a biometric value of an individual is sensed. At 406, a first number of tabies are selected from a second number of tabies for a block cipher based on the biometric value, where the first number is less than the second number, in one exampie, each of the first number of tabies is selected based on a different portion of the biometric value, in another exampie, each of the second number of tables is generated for each encryption and decryption in response to each request for encryption or decryption of input data prior to the first number of tables being selected. The biometric vaiue may aiso be used to select the key to be used for the encryption or decryption. At 408, the received data is encrypted via the biock cipher using the selected first number of tables in response to receiving unencrypted data or the received data is decrypted via the block cipher using the selected first number of tables in response to receiving encrypted data, in one exampie, the individual is authenticated prior to receiving the data to be encrypted or decrypted.
[0023] Although specific examples have been illustrated and described herein, a variety of alternate and/or equivalent implementations may be substituted for the specific examples shown and described without departing from the scope of the present disclosure. This application is intended to cover any adaptations or variations of the specific examples discussed herein. Therefore, it is intended that this disclosure be iimtted oniy by the claims and the ecfui¥aients thereof.

Claims

1. A system comprising:
a biometric sensor to sense a biometric characteristic of an individua! to provide a value that uniquely identifies the individua!; and
an encryption/decryption device to encrypt or decrypt data via a biock cipher in which iabies used by the biock cipher to encrypt or decrypt the data are selected based on the va!ue that uniquely identifies the individua!.
2. The system of ciaim 1 , wherein the biometric sensor comprises a fingerprint sensor.
3. The system of claim 1 , wherein the biometric sensor comprises a physiological sensor.
4. The system of ciaim 1 , wherein the biometric sensor comprises a behavioral sensor.
5. The system of claim 1 , wherein the block cipher comprises a data encryption standard cipher or an advance encryption standard cipher.
6. A system comprising:
a processor; and
a memory communicatively coupled to the processor, the memory storing instructions causing the processor to:
receive data to be encrypted or decrypted;
receive a biometric value of an individua!; and
encrypt or decrypt the received data via a biock cipher in which tables used by the biock cipher to encrypt or decrypt the received data are selected based on the biometric value.
7. The system of claim 6, wherein the tables comprise greater than 100 tables.
8. The system of claim 6, wherein iess than 10% of the tables are selected.
9. The system of claim 6, wherein the biometric value is encrypted.
10. The system of claim 6, wherein the memory stores instructions causing the processor to further:
authenticate the individual prior to receiving the biometric value.
11. A method comprising:
receiving data to be encrypted or decrypted;
sensing a biometric vaiue of an individual;
selecting a first number of tables from a second number of tables for a block cipher based on the biometric vaiue, the first number being less than the second number; and
encrypting the received data via the block cipher using the selected first number of tables in response to receiving unencrypted data or encrypting the received data via the block cipher using the selected first number of tables in response to receiving encrypted data.
12. The method of claim 11 , further comprising:
authenticating the individual prior to receiving the data and sensing the biometric vaiue of the individual.
13. The method of claim 11 , wherein selecting the first number of tables comprises selecting each table based on a different portion of the biometric value.
14. The method of claim 11 , further compr generaimg the second number of tables for each encryption and decryption.
15. The method of ciaim 11 , further comprising:
selecting a key for the b!ock cipher based on the biometric va!ue.
PCT/US2016/014497 2015-01-28 2016-01-22 Block cipher WO2016190910A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN401/CHE/2015 2015-01-28
IN401CH2015 2015-01-28

Publications (2)

Publication Number Publication Date
WO2016190910A2 true WO2016190910A2 (en) 2016-12-01
WO2016190910A3 WO2016190910A3 (en) 2017-01-19

Family

ID=57392199

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/014497 WO2016190910A2 (en) 2015-01-28 2016-01-22 Block cipher

Country Status (1)

Country Link
WO (1) WO2016190910A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210383017A1 (en) * 2018-10-18 2021-12-09 Banks And Acquirers International Holding Method and Device for Protecting Data Entered by Means of a Non-Secure User Interface

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2203212A1 (en) * 1997-04-21 1998-10-21 Vijayakumar Bhagavatula Methodology for biometric encryption
JP4622334B2 (en) * 2004-06-23 2011-02-02 日本電気株式会社 Content data utilization system and method, mobile communication terminal and program
WO2006070322A1 (en) * 2004-12-28 2006-07-06 Koninklijke Philips Electronics N.V. Key generation using biometric data and secret extraction codes
US8175265B2 (en) * 2008-09-02 2012-05-08 Apple Inc. Systems and methods for implementing block cipher algorithms on attacker-controlled systems
US9825761B2 (en) * 2010-04-06 2017-11-21 King Saud University Systems and methods improving cryptosystems with biometrics

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210383017A1 (en) * 2018-10-18 2021-12-09 Banks And Acquirers International Holding Method and Device for Protecting Data Entered by Means of a Non-Secure User Interface

Also Published As

Publication number Publication date
WO2016190910A3 (en) 2017-01-19

Similar Documents

Publication Publication Date Title
CN105743645B (en) Stream code key generating means, method and data encryption, decryption method based on PUF
CN107038383A (en) A kind of method and apparatus of data processing
CN102185694A (en) Electronic file encrypting method and system based on fingerprint information
CN105406969A (en) Apparatus And Method For Data Encryption
AU2015202994A1 (en) Cryptographic method for securely exchanging messages and device and system for implementing this method
JP2019068413A (en) Method and system fo transferring data safely
WO2017050152A1 (en) Password security system adopted by mobile apparatus and secure password entering method thereof
CN112385175B (en) Device for data encryption and integrity
CN103501220B (en) encryption method and device
KR102625879B1 (en) Method for generating key in crypto system using biometric information
WO2016190910A2 (en) Block cipher
Schroé et al. Forgery and subkey recovery on CAESAR candidate iFeed
CN106850206A (en) Dynamic password protection system and method based on PLC
EP3066861B1 (en) Method to detect an ota (over the air) standard message affected by an error
CN111314053B (en) Data encryption and decryption method
CN106027553A (en) Encryption/decryption method based on dynamic password
EP3236631B1 (en) Data checking device and data checking method using the same
CN101150401A (en) A Chinese password technology
US20230037804A1 (en) Power analysis attack protection
JP2015082077A (en) Encryption device, control method, and program
CN114567436B (en) Biological characteristic data security access control method
Pathak et al. Towards the Proposal of Mobile Security Encryption Algorithm:“RHINO256”
Wills Cryptography
Verma et al. An innovative Enciphering Scheme based on Caesar Cipher
KR20210019889A (en) System and method for protecting authentication template

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16800411

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16800411

Country of ref document: EP

Kind code of ref document: A2